The TensorFlow project has started the year with a slew of security releases, fixing some medium to severe vulnerabilities arising from a lack of validation or implementation mishaps. Versions 2.3.2, 2.2.2, 2.1.3, 2.0.4, and 1.15.5 are now available for download and include patches for access to uninitialised memory in Eigen code, and for flaws that let users read outside of bounds and cause crashes. Various dependency updates should also help to reduce the platform’s attack surface.
Developers should be aware that these are the last patch releases for series 1.x and 2.0.x, so switching to a newer version should be considered for a system’s longer-term security.
Prost Sofia! Cider gets first major release to cheer up Clojure devs
The Clojure interactive development environment CIDER finally got pushed over the magical 1.0 line. The Emacs extension started its life in 2012 as nrepl.el and was seen as an attempt to replace the hacked SLIME version – often used back then for developing with the Lisp dialect – with something better suited.
Explaining the timing of the release, project steward Bozhidar Batsov wrote that 2020 had been a “horrible year” and reckoned fellow workers need “all the good news we could get[..]. While I can’t help the fight against the pandemic, I hope I can cheer you up a bit, by delivering another iteration of your favorite software that rocks.”
CIDER 1.0, codenamed Sofia, therefore isn’t what you’d normally expect from a major release – Batsov himself describes it as “almost the same as CIDER 0.26”.
However, the project used the update to switch to the semantic versioning scheme, which is meant to make upgrades less painful. CIDER will also no longer prompt users to confirm the symbol when working with commands that act on the symbol at point.
Though there are no real plans on what to tackle next, Batsov said “proper support for sideloading, adding support for dynamic middleware loading, and improvements to the session management” were considerations.
Chef determines Infra Server 13 end of life
Chef product manager Tim Smith has used the company blog to warn users of version 13 of the configuration hub about its upcoming deprecation. Users should start planning their upgrades now because development will cease this 30 June with no new versions to be released afterwards.
According to Smith, this is down to Infra Server 13 containing “legacy versions of components such as Oracle Java, Apache Solr, and RabbitMQ” that “are no longer supported by their vendors and community”. Switching to Chef Infra Server 14, which was released in October 2020, is seen as a lower risk than making the changes necessary to keep v13 secure, which is why the company decided to terminate the older version.
Chronosphere exits beta, steps into cloud-native monitoring space
Software startup Chronosphere has announced its monitoring product of the same name is ready for general consumption. After a year of beta testing, the team of ex-Uber employees reckons the product is in a good enough place to compete with other players in the cloud-native monitoring market, promising better scalability than main competitor Prometheus, and “customizable monitoring purpose-built for companies adopting cloud-native”. Cost-efficiency and spending control are also on the list of highlighted features, though this of course often depends on the way these things are set up.
Under the hood, Chronosphere uses metrics engine M3, which the team helped to create when they worked for the ride-sharing provider Uber. The project was released into the open source space in 2018.